USN-3561-1: libvirt update

Ubuntu Security Notice USN-3561-1

libvirt update

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 17.10

Ubuntu 16.04 LTS

Ubuntu 14.04 LTS

Summary

Spectre mitigations were added to libvirt.

Software description

libvirt
– Libvirt virtualization toolkit

Details

It was discovered that microprocessors utilizing speculative executionand branch prediction may allow unauthorized memory reads via sidechannelattacks. This flaw is known as Spectre. An attacker in the guest could usethis to expose sensitive guest information, including kernel memory.

This update allows libvirt to expose new CPU features added by microcodeupdates to guests. On amd64 and i386, new CPU models that match the updatedmicrocode features were added with an -IBRS suffix. Certain environmentswill require guests to be switched manually to the new CPU models aftermicrocode updates have been applied to the host.

Update instructions

The problem can be corrected by updating your system to the following
package version: